Despite the push for adoption of chip and PIN payments in the US, experts have warned that the EMV standard still holds significant security threats.
Speaking at the Black Hat security conference in Las Vegas on Thursday, Ross Anderson, a security engineering professor at Cambridge University with 25 years of experience in payment systems security, warned that EMV suffers from both regulatory and security problems, some of which have already been exploited in attacks.
While conceding that chip and PIN remains superior to swipe cards in many ways, Anderson highlighted a number of attacks possible against EMV that banks have tried to downplay as impractical or overly complex for cybercriminals to launch.
Researchers demonstrated to the Black Hat audience how they could take over mobile payment terminals by using a malicious EMV card. They declined to name any of the vendor devices, as not all of the flaws are yet patched.
Anderson told the audience: “We’ve been using EMV in the U.K. for 11 years and have a lot of experience understanding how these things break. When this started, we thought we knew what the shortcuts were and what fraud would be, but reality was quite different.”
Nine out of ten consumers use their smartphones more than any other device, and consumers would also prefer to use biometrics over PINs - with fingerprints being the preferred method, according to a new Mastercard survey.
Fresh from its $4.5bn IPO, Nordic payments processor Nets has picked Spire as its partner to help with the physical roll out of mobile payments for Dankort customers.
Square has introduced a new update to its contactless and chip readers that reduces transaction speed to 4.2 seconds.
It seems laptops are about to catch the biometric fever as PayPal, Intel, Lenovo and Synaptics are collaborating to introduce FIDO-enabled embedded fingerprint solution to PCs.